1 / 66

Verifying Interactive Web Programs

Verifying Interactive Web Programs. Daniel R. Licata Shriram Krishnamurthi Brown University. Popular Press. Quote:

edward
Download Presentation

Verifying Interactive Web Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Verifying Interactive Web Programs Daniel R. Licata Shriram Krishnamurthi Brown University

  2. Popular Press Quote: But when I clicked on the National [car rental] price […], the site responded with this message: “You have back-buttoned too far”. This was my first experience with “back-button” as a verb. […] Since that was patently untrue, I decoded its true meaning: “We ran out [of cars]”. –M. Slatalla, New York Times, 2003-07-17

  3. A Headache for Companies • Minor problem: Users might get booked into the wrong hotels, onto the wrong flights, etc. • Major problem: People might embarass you in newspapers and in public talks

  4. The Orbitz Property • Orbitz Property: the user should receive a reservation at the hotel that was displayed on the page he submitted • In other words, the result does not depend on the page on which you did not click “Reserve” Should all sites have this property?

  5. Question What would Amazon want?

  6. The Amazon Property Amazon property: at the end, every book the user added to his shopping cart is actually in his shopping cart These properties are • not fixed in number • temporal in nature  model checking

  7. Model Checking • From the source code of a program, generate a model that captures the behaviors of interest • Consume properties written by the developer • Automatically check whether or not the model satisfies the properties

  8. Model Checking • From the source code of a program, generate a model that captures the behaviors of interest • Consume properties written by the developer • Automatically check whether or not the model satisfies the properties

  9. Modelling Web Programs Model = control-flow graph (CFG) What would a model of Orbitz look like?

  10. Modelling Orbitz display hotel list set chosen use chosen to compute displayed use chosen to compute reserved display reservation display details for displayed

  11. User Operations add Control Flow • The browser's back-button introduced control flow not present in the original CFG • Other browser operations do the same How many operations do today's browsers provide?

  12. One Browser How can we model all of these operations? Alt+Tab

  13. User Operation Calculus • Express all browser operations in terms of primitive user operations: • submit form to server • switch to previously-visited page [Graunke et al., 2003] • Only need to account for these two operations' control flow

  14. Our Model: the WebCFG • submit corresponds to program's control flow Already in the CFG • switch permits returning to any previously-visited Web-interaction point Add edges from each Web-interaction node to the successors of all the others (WebCFG)

  15. The Orbitz CFG display hotel list set chosen use chosen to compute displayed use chosen to compute reserved display reservation display details for displayed

  16. The Orbitz WebCFG display hotel list set chosen use chosen to compute displayed use chosen to compute reserved display reservation display details for displayed

  17. Model Checking • From the source code of a program, generate a model that captures the behaviors of interest • Consume properties written by the developer • Automatically check whether or not the model satisfies the properties

  18. Properties We want to state properties about Web pages

  19. <html> <body bgcolor=yellow> <table> <td> <p> Residence Inn by Marriot Charleston Downtown ... </html> Properties Web pages are written as HTML source

  20. Properties We want to reason about Web page texts <html> <body bgcolor=yellow> <table> <td> <p> Residence Inn by Marriot Charleston Downtown ... </html>

  21. Properties How can we associate these texts with the corresponding HTML source? <html> <body bgcolor=yellow> <table> <td> <p> Residence Inn by Marriot Charleston Downtown ... </html>

  22. Relating Web Page Content to Source • Parse the text? Too hard • Static-distance coordinates? Too brittle What else can we do?

  23. <html> <body bgcolor=yellow> <table> <td> <p id=”reserved”> Residence Inn by Marriot Charleston Downtown ... </html> Relating Web Page Content to Source Capitalize on Cascading Style Sheet (CSS) ID tags!

  24. Relating Web Page Content to Source • If the tag is in the HTML, it must be present in the source of the program that generates the page • This relates Web page text to the Web program source expression that generates it

  25. Annotating the WebCFG Annotate each WebCFG state with the propositions true in that state <html> <body bgcolor=yellow> <table> <td> <p id=”reserved”> Residence Inn by Marriot Charleston Downtown ... </html> generate reservation page generate reservation text tag=reserved

  26. Defining our Property Language • The annotated WebCFG describes the set of traces that potentially occur • The developer writes an automaton accepting the set of traces that should occur • Verification is containment of the former in the latter [Vardi and Wolper, 1986]

  27. Example Property Password-Page Property: Before reaching an access-controlled page, the user must go through a password page tag=password-entry 2 1 violation tag=access-controlled Note: In properties, tags label transitions

More Related